Rubyonrails: Security Vulnerabilities
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
CVSS Score
7.5
EPSS Score
0.015
Published
2020-06-19
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
CVSS Score
7.5
EPSS Score
0.074
Published
2020-06-19
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
CVSS Score
9.8
EPSS Score
0.054
Published
2020-05-12
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-05-12
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
CVSS Score
4.0
EPSS Score
0.009
Published
2020-03-19
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-11-12
CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Known exploited
CVSS Score
7.5
EPSS Score
0.943
Published
2019-03-27
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
CVSS Score
7.5
EPSS Score
0.121
Published
2019-03-27
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
CVSS Score
9.8
EPSS Score
0.937
Published
2019-03-27
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-11-30